Systems and methods for removing point of sale processing from PCI scope

ABSTRACT

The methods and systems described herein provide for processing payments at a retail location whose infrastructure has been significantly removed from PCI scope. A request for processing payments may be sent from a point of sale lane to a back office server in communication with a credit card terminal. A user may use the credit card terminal to enter in secure payment information which is securely transmitted to a remote authorization service for authorization. Through this method, the credit card terminal and sensitive payment information may be securely isolated from the remaining infrastructure at the retail location.

CROSS REFERENCE TO RELATED APPLICATIONS

This application continuation of U.S. application Ser. No. 13/302,045 filed Nov. 22, 2011, reference of which is hereby incorporated in its entirety.

BACKGROUND

Retailers, such as grocery stores, department stores, and restaurants, process thousands of credit card, debit card, and gift card transactions per day. One requirement for doing so is compliance with the Payment Card Industry Data Security Standard, also known as “PCI DSS,” or simply “PCI”. Ensuring that a retailer's payment processing computers, cash registers, back office servers, and credit card terminals comply with PCI can be time consuming and expensive. Various technical and non-technical standards and practices must be abided by for PCI compliance, and the retail location can be subject to frequent assessments and auditing.

Components of a retail system which handle secure payment information, also known as “cardholder data”, must meet the requirements of PCI. These components may be referred to as “within PCI Scope”. Components that do not handle secure payment information may be referred to as “outside PCI scope”. Similarly information whose processing and transmission would mandate that the hardware and software infrastructure handling said information fall within PCI scope may be referred to a “PCI scope information”, whereas information whose processing would not subject the underlying infrastructure to PCI scope may be referred to as “non-PCI scope information”.

Typically, a retail location which has more than one point of sale location, such as numerous check-out lanes at a department store or grocery store, generally has the following payment processing infrastructure: a cash register which provides a user the ability to sum the total amount of purchases for the transaction; a credit cart terminal for inputting payment card information; and a back office server that manages the various cash registers and credit card terminals, and which is relied upon for the processing of payment transactions.

Restaurants may also similarly have multiple point of sale locations for effectuating the processing of payment transactions. Rather than a check-out lane, a waiter may take your payment card to a kiosk for processing the transaction. Said kiosks may similarly have a computer that may act as an electronic cash register and a credit card terminal. Sometimes, rather than a kiosk, a restaurant may have mobile wireless credit card terminals which a user may use to process a payment transaction.

In standard setups, the entirety of the retail location's payment system infrastructure must be within PCI scope, including the cash registers, the credit card terminals, and the back office computer systems. Often, the back office computer systems track transaction processing and are responsible for communicating with a remote authorization service in order to authorize the transaction. Since in traditional setups all of these items fall within PCI Scope, a retailer can be expected to spend substantial amounts of resources, time, and money in assuring PCI compliance across the entire system.

SUMMARY

Applicant has appreciated that available technology for processing payment transactions requires that retailers spend valuable resources and time on PCI compliance. Traditional systems and methods for processing payment transactions focus on securing and monitoring every aspect of a retailer's payment processing infrastructure, from the credit card terminals, to the cash registers, to the back office servers, and the network itself. Applicant has further appreciated that no available technology exists for transitioning existing multiple lane (“multi-lane”) payment processing infrastructure into setups which remove the majority of the payment processing infrastructure from PCI scope; thereby substantially reducing costs and overhead on PCI compliance. Applicant has discovered that by effectively isolating a credit card terminal at a retail location, and substantially managing payment processing by a server at a location remote to a retail location in direct contact with a credit card terminal, substantial reductions in PCI compliance costs may be obtained.

Applicant has further appreciated that sensitive data, including information typically stored on payment cards, should be securely transmitted, stored, and processed.

In accordance with one embodiment of the invention, a back office server at a retail location may be in communication with a plurality of point of sale lanes and credit card terminals to effectuate the processing of payment transactions. The back office server may also communicate with a remotely located customer relationship management server to facilitate the use of customer loyalty programs, analytics, and receipt storage, tracking, and access. The plurality of credit card terminals are in direct communication with a remotely located payment processing server. The connection allowing communication between the credit card terminals and the back office server may be limited to a single port, such as a single isolated TCP/IP or UDP port. The remotely located payment processing server is responsible for communicating with an authorization server which may authorize or decline a particular payment processing transaction. The credit card terminal may communicate with the payment processing server over the public Internet, over a Virtual Private Network, or any form of wide area network. Communications may be additionally secured by firewalls disposed at either the retail location or remote location, or both. Additional security mechanisms, such as hardware monitoring devices which assure and prevent network tampering, may also be disposed at either the retail location, remote location, or both.

In some embodiments of the invention, a back office server at a retail location may be in communication with a single point of sale lane and a single credit card terminal to effectuate the processing of payment transactions. The single credit card terminal may be in direct communication with a remotely located payment processing server.

In accordance with a further embodiment of the invention, a method for processing payments is provided, the method comprising: receiving a request to process a payment transaction; determining that the request is associated with one of a plurality of credit card terminals at a retail location; receiving, by the determined credit card terminal, secure payment information; sending, by the determined credit card terminal, secure payment information to a remotely located server for authorization; and receiving, by the credit card terminal, an authorization from a remotely located server.

In some embodiments, a method for processing payments is provided, the method comprising: receiving a request to process a payment transaction; determining that the request is associated with a credit card terminal at a retail location; receiving, by the determined credit card terminal, secure payment information; sending, by the determined credit card terminal, secure payment information to a remotely located server for authorization; and receiving, by the credit card terminal, an authorization from a remotely located server. In accordance with a further embodiment of the invention, a method for processing payment transactions wherein the request to process a payment is received from a single point of sale lane at a retail location is provided. In accordance with a further embodiment of the invention, a method for processing payment transactions wherein the request to process a payment is received from a single electronic cash register at a retail location is provided.

In accordance with a further embodiment of the invention, a method for processing payment transactions further comprising the step of sending a request to a determined credit card terminal to initiate receipt of secure payment information is provided. In accordance with a further embodiment of the invention, a method for processing payment transactions wherein the request to process a payment is received from one of a plurality of point of sale lanes at a retail location is provided. In accordance with a further embodiment of the invention, a method for processing payment transactions wherein the request to process a payment is received from one of a plurality of electronic cash registers at a retail location is provided.

In accordance with a further embodiment of the invention, a method for processing payment transactions further comprising the additional steps of: determining that one of a plurality of point of sale lanes at a retail location is associated with an authorization; and sending the authorization to the determined point of sale lane is provided. In accordance with a further embodiment of the invention, a method for processing payment transactions comprising the additional steps of: determining that one of a plurality of electronic cash registers at a retail location is associated with the authorization; and sending the authorization to the determined electronic cash register is provided.

In some embodiments of the invention, a method for processing payment transactions further comprising the additional steps of: determining that a point of sale lane at a retail location is associated with an authorization; and sending the authorization to the determined point of sale lane is provided. In accordance with a further embodiment of the invention, a method for processing payment transactions further comprising the additional steps of determining that an electronic cash register at a retail location is associated with the authorization; and sending the authorization to the determined electronic cash register is provided.

In accordance with a further embodiment of the invention, a method for processing payment transactions wherein secure payment information is sent to a remotely located server through a firewall is provided.

In accordance with a further embodiment of the invention, a method for processing payment transactions wherein determining a credit card terminal associated with a request is based, at least in part, on a ticket associated with the request is provided. In accordance with a further embodiment of the invention, a method for processing payment transactions wherein determining a credit card terminal associated with a request is based, at least in part, on a table listing the associations of credit card terminals.

In accordance with a further embodiment of the invention, a method for processing payment transactions further comprising storing non-PCI scope payment transaction information in a database. In some embodiments, such non-PCI scope payment transaction information may be stored at the retail location. In some embodiments, such non-PCI scope payment transaction information may be stored at a remote location. In some embodiments, such non-PCI scope payment transaction information may be stored at both a retail location or remote location.

In accordance with a further embodiment of the invention, a method for processing payments is provided. A request to process a payment transaction is received by a back office server. The back office server determines that the request is associated with one of a plurality of credit card terminals at a retail location. The back office server sends a request to the determined credit card terminal to initiate the receipt of secure payment information to be applied to the requested transaction. The determined credit card terminal receives the request and initiates the receipt of secure payment information. The secure payment information is received by the credit card terminal, and may comprise credit card information, debit card information, associate personal identification number (PIN) information, gift card information, or loyalty program information. The credit card terminal sends the secure payment information to a remotely located payment processing server. The payment processing server manages the request and contacts a remotely located authorization server to authorize the payment. The remotely located payment processing server receives an authorization for the payment transaction, and sends the authorization to the credit card terminal. The credit card terminal receives the authorization from the remotely located server. The credit card terminal communicates the authorization, without sending secure payment information, to the back office server. The back office server determines that the authorization is associated with one of a plurality of point of sale lanes at the retail location. The back office server then communicates the authorization to one of a plurality of point of sale lanes at the retail location.

In accordance with a further embodiment of the invention, a method for processing payment transactions wherein a back office server operates in listening mode awaiting a request to process a payment transactions is provided.

In accordance with a further embodiment of the invention, a method for processing payment transactions further comprising the additional steps of: determining, based at least in part on payment information, that a customer belongs to a loyalty program; and applying loyalty program information to a requested transaction. The step of determining that a customer belongs to a loyalty program may be performed at a remotely located server, or at a back office server at a retail location.

In accordance with a further embodiment of the invention, a method for processing payment transactions further comprises determining, based at least in part on payment information, a token for a customer. The token may be used as a universal identifier for a customer which does not contain PCI scope information.

In accordance with a further embodiment of the invention, a method for processing payment transactions further comprises storing receipt information for the payment transaction. Receipt information may be stored at a remote location, or at a back office server.

In accordance with a further embodiment of the invention, a system for processing payment transactions is provided, the system comprising: at least one processing unit communicatively coupled to a memory unit capable of storing processor-executable instructions, wherein upon execution of the processor-executable instructions, the at least one processing unit: receives a request to process a payment transaction, and determines that the request is associated with one of a plurality of credit card terminals at a retail location; and a determined credit card terminal comprising at least one processing unit communicatively coupled to a memory unit capable of storing processor-executable instructions, wherein upon execution of the processor executable instructions, the at least one processing unit: receives secure payment information, sends secure payment information to a remotely located server for authorization, and receives an authorization from a remotely located server.

In accordance with a further embodiment of the invention, at least one non-transitory compute readable medium is provided, encoded with a plurality of instructions that, when executed, perform a method for processing payment transactions. The method may comprise: receiving a request to process a payment transaction; determining that the request is associated with one of a plurality of credit card terminals at a retail location; receiving, by the determined credit card terminal, secure payment information; sending, by the determined credit card terminal, secure payment information to a remotely located server for authorization; and receiving, by the credit card terminal, an authorization from a remotely located server.

In accordance with some embodiments of the invention, any embodiment which may involve a plurality of credit card terminals, point of sale lanes, or electronic cash registers may alternatively involve a single credit card terminal, point of sale lane, or electronic cash register. In some embodiments, there may be a single credit card terminal but a plurality of point of sale lanes or electronic cash registers. In some embodiments, there may be a single point of sale lane but a plurality of credit card terminals and electronic cash registers. In some embodiments, there may be a single electronic cash register but a plurality of credit card terminals and point of sale lanes.

BRIEF DESCRIPTION OF THE FIGURES

The foregoing and other objects, aspects, features, and advantages of the disclosure will become more apparent and better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a block diagram of a system for processing payment transactions.

FIG. 2 is a block diagram of an exemplary embodiment of a system for executing computer executable instructions performed by processing arrangement and/or a computing arrangement, according to one embodiment of the present disclosure.

FIG. 3 is a block diagram of a system for processing payment transactions.

FIG. 4 is a block diagram demonstrating the flow of a method for processing payment transactions.

FIG. 5A is a flow diagram of a method for processing payment transactions.

FIG. 5B is a flow diagram of a method for processing payment transactions.

FIG. 6A-B are flow diagrams of methods for processing payment transactions.

FIG. 7A-B are block diagrams of systems for managing client relationships in conjunction with systems for processing payment transactions.

FIG. 8 is a flow diagram of a method for managing a loyalty program in conjunction with a method for processing payment transactions.

FIG. 9 is a flow diagram of a method for utilizing tokens to manage customer relationships in conjunction with a method for processing payment transactions.

DETAILED DESCRIPTION

In the following detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, similar symbols typically identify similar components, unless context dictates otherwise. The illustrative embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented here. It will be readily understood that the aspects of the present disclosure, as generally described herein and illustrated in the figures, can be arranged, substituted, combined, and designed in a wide variety of different configurations, all of which are explicitly contemplated and made part of this disclosure.

In reference now to FIG. 1, a system for processing payment transactions is shown. Point of sale lanes 1, 2, and 3 are in communication with back office server 30. Point of sale lanes may be comprised of any form and combination of point of sale hardware and software, including electronic cash registers, checkout terminals, checkout kiosks, computers, wireless checkout terminals, restaurant ordering kiosks, customized desktop computers, laptops, wireless devices, tablet PCs, smart phones, or any other computing device capable of assisting with payment processing at a retail location. A point of sale lane may be a check-out lane or counter at a department store, grocery store, or other form of retail shopping locations, or it may be a kiosk at a restaurant or counter at a food service retail location, or any other location where a user effectuates the processing of a payment transaction. Back office server 30 may be a single server, a plurality of servers, a server farm, or an allocation of computing services provided by a cloud based provider of computer services. In some embodiments, server 30 may be a plurality of servers operated by a plurality of different parties, entities, and service providers. The back office server 30 may be located at the retail location or at a remote location.

In some embodiments, point of sale lanes may comprise electronic cash registers 11, 12, and 13, which are in communication with the back office server 30. Electronic cash registers 11, 12 and 13, may be any form of computing device capable of assisting a user in effectuating the processing of a payment transaction. Electronic cash registers may be any one of or combination of point of sale hardware and software, computerized cash register, checkout terminals, checkout kiosks, computers, wireless checkout terminals, wireless computers, restaurant ordering kiosk computers, checkout kiosk computers, payment processing kiosk computers, customized desktop computers, laptops, wireless devices, tablet PCs, smart phones, iPhones or iPads as provided by the Apple Corporation, or any other computing device capable of assisting a user with payment processing at a retail location. In some embodiments, communications between electronic cash registers 11, 12, and 13 and server 30 are encrypted. In some embodiments, communications between electronic cash registers 11, 12, and 13 and server 30 are encrypted using public-private key encryption. In some embodiments, communications between electronic cash registers 11, 12, and 13 and server 30 are encrypted using shared secret key encryption. In some embodiments, communications between electronic cash registers 11, 12, and 13 and server 30 are encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. In some embodiments, communications between electronic cash registers 11, 12, and 13 and server 30 are encrypted using a proprietary encryption scheme. In some embodiments, communications between electronic cash registers 11, 12, and 13 and server 30 may occur, at least in part, wirelessly.

The back office server 30 is in communication with credit card terminals 21, 22 and 23 which are located at the point of sale lanes. In some embodiments, the communication between credit card terminals 21,22, and 23 and server 30 may be limited to a single isolated port for communication of non-PCI scope information. In some embodiments the single isolated port may be a TCP/IP or UDP port. In some embodiments, communications between credit card terminals 21, 22, and 23 and server 30 are encrypted. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 30 are encrypted using public-private key encryption. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 30 are encrypted using shared secret key encryption. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 30 are encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 30 are encrypted using a proprietary encryption scheme. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 30 may occur, at least in part, wirelessly.

In some embodiments, communications between credit card terminals 21, 22 and 23 and server 30 may be made utilizing dial-up communications, the Internet, TCP/IP, UDP, General packet radio service (GPRS) communications, cellular communications, WiFi, wireless communications utilizing the IEEE 802.11 standards, other forms of wireless communications, ethernet, or any other form of communications protocol, channel, or standard.

The credit card terminals 21, 22, and 23 are also in communication with a remotely located payment processing server 50. Server 50 may be a single server, a plurality of servers, a server farm, or an allocation of computing services provided by a cloud based provider of computer services. In some embodiments, server 50 may be a plurality of servers operated by a plurality of different parties, entities, and service providers. In some embodiments, the communication between credit card terminals 21, 22, and 23 and remotely located payment processing server 50 goes through one or both of firewalls 60 and 65. In some embodiments, the communication between credit card terminals 21, 22, 23 and remote server 50 may be additionally monitored by other software or hardware based network monitoring tools. In some embodiments, such network monitoring tools may assure that communications between the credit card terminals and server 50 are not tampered with. In some embodiments, communications between credit card terminals 21, 22, and 23 and server 50 are encrypted. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 50 are encrypted using public-private key encryption. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 50 are encrypted using shared secret key encryption. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 50 are encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. In some embodiments, communications between credit card terminals 21, 22 and 23 and server 50 are encrypted using a proprietary encryption scheme.

In some embodiments, communications between credit card terminals 21, 22, and 23 and remotely located payment processing server 50 may be made utilizing dial-up communications, the Internet, TCP/IP, UDP, General packet radio service (GPRS) communications, cellular communications, WiFi, wireless communications utilizing the IEEE 802.11 standards, other forms of wireless communications, ethernet, or any other form of communications protocol, channel, or standard.

In some embodiments, credit card terminals (CCT) 21, 22 or 23 may be terminals that allow customers to swipe or otherwise input credit card information with which to effectuate a payment transaction. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input any form of payment information that is not credit card information. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input gift card information, bank account information, or debit card information. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input payment information from an online payment service provider such as PayPal. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input payment information from a rewards program. For example, a user may input rewards program information and use points or credits to effectuate the payment transaction.

In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input information wirelessly. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input information through a Radio-Frequency Identification (RFID) device or chip. In some embodiments CCTs 21, 22, or 23 may be terminals that allow customers to input information through a touch pad or key pad. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input information by swiping a card with a magnetic strip. In some embodiments, CCTs 21, 22, or 23 may be terminals that allow customers to input information by entering in a unique identifier or password.

In some embodiment, CCTs 21, 22, or 23 may be terminals that allow customers to input payment information via their cell phones or other mobile device.

In some embodiments, server 50 is in communication with authorization server 70. Server 70 may be a single server, a plurality of servers, a server farm, or an allocation of computing services provided by a cloud based provider of computer services. In some embodiments, server 70 may be a plurality of servers operated by a plurality of different parties, entities, and service providers. In some embodiments, communications between server 50 and server 70 are encrypted. In some embodiments, communications between server 50 and server 70 are encrypted using public-private key encryption. In some embodiments, communications between server 50 and server 70 are encrypted using shared secret key encryption. In some embodiments, communications between server 50 and server 70 are encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. In some embodiments, communications between server 50 and server 70 are encrypted using a proprietary encryption scheme. In some embodiments, communications between server 50 and server 70 may occur, at least in part, wirelessly.

In some embodiments, communications between credit card terminals 21, 22 and 23 and remotely located server 50 occur across the public Internet. In some embodiments, communications between credit card terminals 21, 22 and 23 and remotely located server 50 occur across a virtual private network (VPN). In some embodiments, communication between credit card terminals 21, 22 and 23 and remotely located server 50 occur across any form of wide area network. In some embodiments, communications between credit card terminals 21, 22 and 23 and remotely located server 50 occur across a private network. In some embodiments, communications between credit card terminals 21, 22 and 23 and remotely located server 50 may occur, at least in part, wirelessly.

In some embodiments, back office server 30 may be in communication with remotely located payment processing server 50. In some embodiments, the communication between server 30 and remotely located payment processing server 50 goes through one or both of firewalls 60 and 65. In some embodiments, communications between server 30 and server 50 are encrypted. In some embodiments, communications between server 30 and server 50 are encrypted using public-private key encryption. In some embodiments, communications between server 30 and server 50 are encrypted using shared secret key encryption. In some embodiments, communications between server 30 and server 50 are encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. In some embodiments, communications between server 30 and server 50 are encrypted using a proprietary encryption scheme.

In some embodiments, server 30, 50 and 70 may be in communication with additional storage devices or databases.

In reference now to FIG. 2, a block diagram of an exemplary embodiment of a system capable of implementing the present disclosure is shown. For example, an exemplary procedure in accordance with the present disclosure can be performed by a processing arrangement 110 and/or a computing arrangement 110. Such processing/computing arrangement 110 can be, e.g., entirely or a part of, or include, but not be limited to, a computer/processor that can include, e.g., one or more microprocessors, and use instructions stored on a computer-accessible medium (e.g., RAM, ROM, hard drive, or other storage device).

As shown in FIG. 2 a computer-accessible medium 120 (e.g., as described herein, a storage device such as a hard disk, floppy disk, memory stick, CD-ROM, RAM, ROM, etc., or a collection thereof) can be provided (e.g., in communication with the processing arrangement 110). The computer-accessible medium 120 may be a non-transitory computer-accessible medium. The computer-accessible medium 120 can contain executable instructions 130 thereon. In addition or alternatively, a storage arrangement 140 can be provided separately from the computer-accessible medium 120, which can provide the instructions to the processing arrangement 110 so as to configure the processing arrangement to execute certain exemplary procedures, processes and methods, as described herein, for example.

In reference now to FIG. 3, back office server 30 is comprised of a back office manager 32 and a credit card terminal (CCT) manager 34. The back office manager 32 may be any computing processor or portion thereof programmed to perform the functions of a back office manager. The CCT manager 34 may be any computing processor or portion thereof programmed to perform the functions of a CCT manager. In some embodiments, the back office manager 32 and CCT manager 34 may comprise a single joint back office manager and CCT manager. In some embodiments, the functions of the CCT manager 34 may be performed by the back office manager 32. In some embodiments, the CCT manager 34 may perform the functions of the back office manager. The back office manager may be in communication with electronic cash registers (ECR) 11, 12, and 13. The back office manager may be in communication with a payment processing server 51 on remote server 50. The payment processing service 51 may be any computing processor or portion thereof programmed to perform the functions of payment processing service. The payment processing service 51 may comprise of a payment gateway. The payment processing service 51 may be a payment gateway.

In some embodiments, the CCT manager 34 is in communication with the back office manager 32, and vice-versa. The CCT manager is further in communication with CCTs 21, 22, and 23. CCTs 21, 22, and 23 are in communication with a payment processing service 51 on remote server 50. In some embodiments, communications between payment CCTs 21, 22, and 23 and payment processing service 51 are routed through one or both of firewalls 60 and 65.

In some embodiments, payment processing service 51 is in communication with authorization service 71 on server 70. The authorization service 51 may be any computing processor or portion thereof programmed to perform the functions of the authorization service. Authorization service 71 may be comprised of a payment gateway. Authorization service 71 may be a payment gateway. In some embodiments, payment processing service 51 and authorization service 71 may be a single service.

In any embodiment, communications between various components of the payment processing system may be made utilizing either one or a plurality of: dial-up communications, the Internet, TCP/IP, UDP, General packet radio service (GPRS) communications, cellular communications, WiFi, wireless communications utilizing the IEEE 802.11 standards, other forms of wireless communications, ethernet, a packet-switched network, or any other form of communications protocol, channel, or standard.

In reference now to FIG. 4, a flow diagram for processing a payment transaction in the context of the present disclosure is shown. Back office manager 32 receives 401 a request to process a payment transaction from ECR 11. The back office manager 32 may validate and check the request to determine whether the request is consistent with payment processing requirements, and transmits the request to CCT manager 34. CCT manager 34 receives 402 the request from back office manager 32. CCT manager 34 may determine that CCT 21 is associated with the request for processing a payment transaction. CCT manager 34 may send 403 a request to CCT 21 to initiate the receipt of secure payment information. CCT 21 may receive secure payment information from a user, comprising credit card information, debit card information, Personal Identification Number (PIN) information, gift card information, or loyalty program information. CCT 21 sends 404 a request to payment processing service 51 to authorize the payment transaction. Payment processing service 51 receives the request to authorize the transaction, and sends 405 a request to authorization service 71 to authorize the transaction. Payment processing service 51 receives 406 an authorization for the payment transaction from authorization service 71. An authorization may be any form of computer readable indicator that the payment transaction has been authorized or approved by an authorization service. CCT 21 receives 407 an authorization from payment processing service 51 and sends an authorization to CCT Manager 34 which does not include PCI scope information. CCT Manager 34 receives 408 an authorization from CCT 21, which does not include PCI scope information. The CCT manager sends an authorization to back office manager 32. Back office manager 32 receives 409 an authorization from CCT Manager 34. Back office manager 32 sends 410 an authorization for the payment transaction to ECR 11.

In some embodiments, back office manager 32 may operate in listening mode, whereby it periodically determines whether a request to process a payment transaction has been received, or whether an authorization or other message has been received. In some embodiments, back office server 30 may operate entirely in listening mode, whereby it periodically determines whether a request, authorization, message, or signal has been received. In some embodiments, at least one module or process running on back office server 30 may operate in listening mode while other modules or processes do not operate in listening mode. In some embodiments, CCT Manager 34 may operate in listening mode, whereby it periodically determines whether a request to process a payment transaction has been received, or whether an authorization or other message has been received. In some embodiments CCT 21 may operate in listening mode, whereby it periodically determines whether a request to process a payment transaction has been received, or whether an authorization or other message has been received. In some embodiments ECR 11 may operate in listening mode, whereby it periodically determines whether a request to process a payment transaction has been received, or whether an authorization or other message has been received. In some embodiments, the periodicity with which a device, module, or process operates in listening mode may be so short so as to allow an action to be taken in response to receiving a request, authorization, or message nearly instantaneously.

In some embodiments, an authorization may be a secure packet of information indicating that the payment has been authorized. In some embodiments, an authorization may be an unsecure packet of information indicating that the payment has been authorized. In some embodiments, an authorization may be an address in memory that indicated that a payment has been authorized. In some embodiments, an authorization may be an electronic message that indicated that a payment has been authorized. In some embodiments, and authorization may be a request that the credit card terminal complete the payment processing transaction. In some embodiments, an authorization may change format between Authorization Service 71, Payment Processing Service 51, Firewall 65, Firewall 60, CCT 21, CCT Manager 34, Back Office Manager 32, and ECR 11. For example, an authorization received by Payment Processing Service 51 may be a request by Authorization Service 71 for Payment Processing Service 51 to effectuate the processing of the payment transaction. In turn, Payment Processing Service 51 may communicate the authorization to CCT 21 in the form of a request for CCT 21 to effectuate the processing of a payment transaction. In turn, CCT 21 may communicate an authorization to CCT Manager 34 in the form of a message to CCT Manager 34 informing CCT Manager 34 that the transaction has been authorized. In turn, CCT Manager 34 may communicate an authorization to Back Office Manager 32 in the form of a request to Back Office Manager 32 to effectuate the processing of a payment transaction. In turn, Back Office Manager 32 may communicate an authorization to ECR 11 in the form of a request to ECR 11 to effectuate the processing of a payment transaction, such as a request to print out a receipt for a customer. In an alternative embodiment, an authorization may be a single packet of data, file, or message which is sent from Authorization Service 71, and forwarded to Payment Processing Service 51, then forwarded to CCT 21, then forwarded to CCT Manager 34, then forwarded to Back Office Manager 32, and forwarded to ECR 11.

In some embodiments, an authorization may be communicated across a different communications link than that on which a request for authorization is communicated.

In reference now to FIG. 5A, a flow diagram for a method for processing payment transactions is depicted. At a point of sale lane, a user requests 501 processing of a payment transaction. Further at the point of sale, a request is sent 503 to the back office server 30 to effectuate the processing of the payment transaction. Back office server 30 receives 505 a request to process a payment transaction. Back office server 30 determines 507 which of a plurality of CCTs at a retail location is associated with the request. Back office server 30 sends 509 a request to the determined CCT to effectuate payment processing. The determined CCT 21 receives 511 the request to effectuate payment processing. The determined CCT 21 prompts 513 a user to enter payment information. Payment information may be comprised of credit card information, debit card information, PIN information, gift card information, or loyalty program information. The determined CCT 21 receives 515 secure user payment information. The determined CCT sends 517 secure payment information to remotely located payment processing service 51 along with a request to authorize the payment transaction. Remote payment processing service 51 receives 519 the payment information and request for authorizing the payment transaction.

In reference now to FIG. 5B, a flow diagram for a method for processing payment transactions is depicted. Payment processing service 51 receives 519 the payment information and request for authorizing the payment transaction. Payment processing service 51 verifies 521 the request. Payment processing service 51 sends 523 a request for authorization of the payment transaction to authorization service 71 for approval. Payment processing service 51 receives 525 an approval or authorization for the payment transaction from the authorization service 71. Payment processing service 51 sends 527 an approval or authorization for the payment transaction to the determined CCT 21. The determined CCT 21 receives 529 an approval or authorization for the payment transaction. The determined CCT 21 sends 531 an approval or authorization to back office server 30 without PCI scope information. Back office server 30 receives 533 an approval or authorization for the payment transaction without PCI scope information. Back office server 30 determines 535 that one of a plurality of point of sale lanes is associated with the approval or authorization. Back office server 30 sends 541 an approval or authorization to the determined point of sale lane. At the point of sale lane, an approval or authorization is received 539. At the point of sale lane, a confirmation of the payment transactions is provided 541 to a user.

In reference now to FIG. 6A, a method for processing payment transactions is shown. A request to process a payment is received 602. A determination 604 is made that the request is associated with one of a plurality of credit card terminals at a retail location. A request is sent 606 to the determined credit card terminal to initiate receipt of secure payment information. The determined credit card terminal receives 608 secure payment information. The determined credit card terminal sends 610 the secure payment information to a remotely located server for authorization. The determined credit card terminal receives 612 an authorization from a remotely located server.

In some embodiments, a request to process a payment is received. A determination is made that the request is associated with a credit card terminal at a retail location. A request is sent to the determined credit card terminal to initiate receipt of secure payment information. The determined credit card terminal received secure payment information. The determined credit card terminal sends the secure payment information to a remotely located server for authorization. The determined credit card terminal receives an authorization from a remotely located server.

In reference now to FIG. 6B, a method for processing payment transactions is shown. A request to process a payment is received 602 from an electronic cash register. A determination 604 is made that the request is associated with one of a plurality of credit card terminals at a retail location. A request is sent 606 to the determined credit card terminal to initiate receipt of secure payment information. A user is prompted 607 to input secure payment information at the determined credit card terminal. The determined credit card terminal receives 608 the secure payment information. The determined credit card terminal sends 610 the secure payment information to a remotely located server for authorization. The determined credit card terminal receives 612 an authorization from the remotely located server. The determined credit card terminal sends 614 a payment authorization without PCI scope information. The electronic cash register receives 616 a payment authorization without PCI scope information.

In reference now to FIG. 7A, a system for managing customer relationships in the context of processing payment transactions is depicted. Back office server 30 is in communication with customer relationship management (CRM) server 40. Server 40 may be a single server, a plurality of servers, a server farm, or an allocation of computing services provided by a cloud based provider of computer services. In some embodiments, server 40 may be a plurality of servers operated by a plurality of different parties, entities, and service providers. Server 40 may also be in communication with payment processing server 50. In some embodiments, communications between server 30 and server 40 are encrypted. In some embodiments, communications between server 30 and server 40 are encrypted using public-private key encryption. In some embodiments, communications between server 30 and server 40 are encrypted using shared secret key encryption. In some embodiments, communications between server 30 and server 40 are encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. In some embodiments, communications between server 30 and server 40 are encrypted using a proprietary encryption scheme. In some embodiments, communications between server 30 and server 40 may occur, at least in part, wirelessly.

In some embodiments, communications between back office server 30 and CRM server 40 may occur through one or both of firewalls 60 and 65. Communication between server 30 and server 40 may occur across the public Internet. In some embodiments, communications between server 30 and server 40 occur across a virtual private network (VPN). In some embodiments, communication between server 30 and server 40 occur across any form of wide area network. In some embodiments, communications between server 30 and server 40 occur across a private network. In some embodiments, communications between server 30 and server 40 may occur, at least in part, wirelessly.

In reference now to FIG. 7B, a system for managing customer relationships in the context of processing payment transactions is depicted. A CRM server 40 is comprised of a loyalty program manager 42 and a receipts manager 44. The loyalty program manager 42 may be any computing processor or portion thereof programmed to perform the functions of a loyalty program manager. The receipts manager 44 may be any computing processor or portion thereof programmed to perform the functions of a receipts manager. In some embodiments the loyalty program manager 42 and receipts manager 44 may comprise a single joint loyalty program and receipts manager. In some embodiments, the functions of the loyalty program manager may be performed by the receipts manager 44. In some embodiments, the loyalty program manager 42 may perform the functions of the receipts manager. CRM server 40 may be in communication with storage 50. In some embodiments, storage 50 may be in the form of a database. In some embodiments, loyalty program manager 42 and/or receipts manager 44 are in communication with payment processing service 51. In some embodiments, loyalty program manager 42 and/or receipts manager 44 are in communication with back office manager 32.

In reference now to FIG. 8, a method for managing customer relationships in the context of processing payment transactions is depicted. A determination 802 is made, based at least in part on payment information, that a customer belongs to a loyalty program. Loyalty program information is applied 804 to the requested transaction. Transaction information is stored 806 with other loyalty program information. Loyalty program information is sent 808 to a retail location. A determination 810 is made as to which point of sale lane loyalty program information applies. Loyalty program information is sent 812 to the determined point of sale lane.

In reference now to FIG. 9, a method for managing customer relationships in the context of processing payment transactions is depicted. A token for a customer is determined 902, based at least in part on payment information. A determination 904 is made, based at least in part on said token, as to whether a customer belongs to a loyalty program. Transaction information is stored 906 with an association to said token. Said token is received 908 at a retail location. Loyalty program information is applied 910 to a transaction based, at least in part, on said token. A token may be any computer readable identifier for a customer, including a data packet, address in memory, message, file, hash, or database entry. 

What is claimed is:
 1. A method for isolating secure payment information when processing payments at a retail location, the method comprising: receiving, by a secured credit card terminal at the retail location, secure payment information associated with a respective payment transaction initiated at said retail location; encrypting, by the secured credit card terminal, the secure payment information; sending, via a network and by the secured credit card terminal, the encrypted secure payment information to a remotely located server for authorization; receiving, via the network and by the secured credit card terminal, a first authorization for the payment transaction from the remotely located server; isolating, at the secure credit card terminal, a communication port designated for communication with electronic devices at the retail location such that said electronic devices at the retail location do not handle secure payment information; and sending, by the secured credit card terminal, a second authorization for the payment transaction that does not contain the secure payment information to an electronic device at the retail location a via said isolated communication port.
 2. The method of claim 1, further comprising receiving, by the secured credit card terminal, a request from an electronic device at the retail location to initiate receipt of the secure payment information.
 3. The method of claim 1, wherein sending the secure payment information includes sending the secure payment information to the remotely located server for authorization over a virtual private network.
 4. The method of claim 1, further comprising: determining, by the electronic device at the retail location, that one of a plurality of point of sale lanes at the retail location is associated with the second authorization; and sending, in response to the second authorization, a third authorization to the determined point of sale lane.
 5. The method of claim 1, further comprising: determining that one of a plurality of electronic cash registers at a retail location is associated with the first authorization.
 6. The method of claim 1, wherein sending the secure payment information includes sending the secure payment information to the remotely located server through a firewall.
 7. The method of claim 1, further comprising storing transaction information not including the secure payment information in a database.
 8. The method of claim 1, further comprising: determining, based at least in part on the secure payment information, that a customer belongs to a loyalty program; and applying loyalty program information to the payment transaction.
 9. The method of claim 8, wherein said determining step relating to whether a customer belongs to a loyalty program is performed at the remotely located server.
 10. The method of claim 8, further comprising determining, based at least in part on the secure payment information, a token for the customer.
 11. The method of claim 1, further comprising storing receipt information for the payment transaction.
 12. A secured electronic device for isolating secure payment information when processing payments at a retail location comprising: an isolated communication port designated for communicating with electronic devices at the retail location such that said electronic devices at the retail location do not handle secure payment information; at least one processor; and a memory communicatively coupled to the at least one processor and storing computer-executable instructions, the computer-executable instructions, when executed by the at least one processor, cause the electronic device to: receive secure payment information associated with a respective payment transaction at said retail location; encrypt the secure payment information; send, via a network, the encrypted secure payment information to a remotely located server for authorization; receive, via the network, a first authorization for the payment transaction from the remotely located server; and send a second authorization that does not contain the secure payment information for the payment transaction to an electronic device at the retail location over said communication port.
 13. The electronic device of claim 12, wherein sending the secure payment information includes sending the secure payment information to the remotely located server for authorization over a virtual private network.
 14. The electronic device of claim 12, wherein sending the secure payment information includes sending the secure payment information to the remotely located server through a firewall.
 15. The electronic device of claim 12, wherein the computer-executable instructions, when executed by the at least one processor, further cause the electronic device to store transaction information not including the secure payment information in a database.
 16. The electronic device of claim 12, wherein receiving the secure payment information includes receiving the secure payment information via at least one of input interface or via a mobile device.
 17. A non-transitory computer-readable storage medium with computer readable instructions stored thereon, the computer readable instructions, when executed by a computing device, cause the computing device to perform a method for processing payments, the method comprising: receiving, by a secured credit card terminal at a retail location, secure payment information associated with a respective payment transaction initiated at said retail location; encrypting, by the secured credit card terminal, the secure payment information; sending, via a network and by the secured credit card terminal, the encrypted secure payment information to a remotely located server for authorization; receiving, via the network and by the secured credit card terminal, a first authorization for the payment transaction from the remotely located server; isolating, at the secure credit card terminal, a communication port designated for communication with electronic devices at the retail location such that said electronic devices at the retail location do not handle the secure payment information; and sending, by the secured credit card terminal, a second authorization for the payment transaction that does not contain the secure payment information to an electronic device at the retail location via said isolated communication port.
 18. The non-transitory computer-readable storage medium of claim 17, wherein sending the secure payment information includes sending the secure payment information to the remotely located server for authorization over a virtual private network.
 19. The non-transitory computer-readable storage medium of claim 17, wherein sending the secure payment information includes sending the secure payment information to the remotely located server through a firewall.
 20. The non-transitory computer-readable storage medium of claim 17, wherein receiving the secure payment information includes receiving the secure payment information via at least one of input interface or via a mobile device. 